Installation and operation
Installation overview
The installation instructions for the Infrastructure Agent are divided into different sections, depending on the operating system.
- Debian and Ubuntu
- Red Hat Enterprise Linux (RHEL), Oracle Linux (OL), and CentOS
- Windows
Note
The Infrastructure Agent can be used on monitored hosts with older Opsview versions, even if you do not upgrade to the latest version. However, we recommend that you upgrade to the latest version of Opsview to ensure that all changes, including security fixes and new features, will work correctly with the Infrastructure Agent.
See Supported versions for the full list of supported platforms.
Debian and Ubuntu
On Debian and Ubuntu, run:
# OPSVIEW-APT-KEY.asc GPG fingerprint:
# 3814 C24C F407 EC2F 9EB0 7631 327C 70CD 0FC6 984B
sudo apt-get update && sudo apt-get install gnupg
wget -q https://downloads.opsview.com/OPSVIEW-APT-KEY.asc
echo '7bb20dfbe1c86fb22909c5c8d299a1eb99f1b602a29368abfc942d248b8635d2 OPSVIEW-APT-KEY.asc' | sha256sum -c && cat OPSVIEW-APT-KEY.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/opsview-repo.gpg > /dev/null
echo "deb [signed-by=/etc/apt/trusted.gpg.d/opsview-repo.gpg] https://downloads.opsview.com/infrastructure-agent/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/infrastructure-agent.list
sudo apt-get update && sudo apt-get install infrastructure-agent
Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:
sudo apt install /path/to/downloaded/infrastructure-agent*.deb
RHEL, OL, and CentOS
On RHEL, OL, and CentOS run:
# OPSVIEW-RPM-KEY.asc GPG fingerprint:
# 3814 C24C F407 EC2F 9EB0 7631 327C 70CD 0FC6 984B
cat <<EOF | sudo tee /etc/yum.repos.d/infrastructure-agent.repo
[infrastructure-agent]
name = Infrastructure Agent
baseurl = https://downloads.opsview.com/infrastructure-agent/yum/rhel/\$releasever/\$basearch/
enabled = 1
gpgcheck = 1
gpgkey = https://downloads.opsview.com/OPSVIEW-RPM-KEY.asc
EOF
sudo yum install infrastructure-agent
Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:
sudo yum install /path/to/downloaded/infrastructure-agent*.rpm
Windows
You can download the ITRS Infrastructure Agent from Agent Downloads and run the Windows Infrastructure Agent installer MSI file.
Initial configuration
The Agent requires some initial configuration prior to operation. This configuration can be added to custom configuration files in the following locations:
Linux
On Linux, edit:
/opt/itrs/infrastructure-agent/cfg/custom/agent.yml
Windows
On Windows, edit:
C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml
Note
The configuration file is written in YAML, a whitespace-sensitive syntax. Additional YAML configuration files can be added to thecustom
directory and will be read in alphabetical order.
Allowed hosts
The Agent will reject requests from any hosts by default. You must configure it to accept requests from known hosts. Typically, these hosts will be the servers from any monitoring systems that are querying this device. You can configure this list in the custom configuration file:
server:
allowed_hosts:
- collector1.mysystem.local
- collector2.mysystem.local
- 168.10.1.2
If the Agent has successfully imported its existing configuration, the allowed_hosts
may already be defined in the cfg/imported.yml
file.
To allow any hosts to submit requests, you can use an empty list:
server:
allowed_hosts: []
Warning
It is not recommended to set theallowed_hosts
as an empty list. This would allow any host to launch plugins against the server.
Transport Layer Security
To ensure the security of communications, it is recommended to always enable TLS. The custom configuration file can be used to set a valid CA, certificate, and key file in the server
tls
section.
server:
tls:
cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
check_client_cert: true
tls_enabled: true
Note
If no custom TLS options are set, the Agent will generate and use a custom self-signed certificate by default. The certificate and key are stored in thevar
directory of the Agent.
Default TLS Ciphers
The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ADH-AES256-SHA:ADH-AES128-SHA:!MD5:!DSS
Generate certificates
Certificates can be generated using any valid method. The CA certificate, server certificate, and server key should be added to the TLS configuration. Client certificates should be added to the hosts listed under allowed_hosts
.
Warning
Settingtls_enabled
to false is not recommended as communications will not be secure.
Restart the Agent
Once the configuration file has been updated, the Agent must be restarted to apply the new configuration. If you are migrating from another Agent, such as NRPE or NSClient, you should stop and disable those agents before starting the Infrastructure Agent to avoid any interference.
Linux
On Linux, run:
sudo systemctl restart infrastructure-agent
Windows Control Panel
- Open Services.
- Click Start > Run, and then type
services.msc
. - Right-click the
InfrastructureAgent
service and then click Restart.
Windows command prompt
From the start menu, right-click Command Prompt, select More > Run as Administrator and then type:
net stop InfrastructureAgent
net start InfrastructureAgent
The agent will automatically try to restart itself if it encounters an error, such as an invalid configuration. However, the restart behavior may vary slightly depending on the operating system:
Ubuntu 18, Ubuntu 20, Debian 10, RHEL 8, OL 8
- The Agent will attempt to restart twice with a 10-second pause between restarts.
- After updating the configuration, the Agent will need to be restarted manually.
OL 7, CentOS 7, RHEL 7, and Windows
- The Agent will continually restart every 10 seconds.
- After updating the configuration, the Agent will restart automatically.
Poller
The poller provides a mechanism that allows the Agent to poll specified plugins in the background on a schedule. This allows for capturing and aggregating data at a higher frequency than what is normally supported by plugin execution.
Poller operation
The Poller will read the poller_schedule
and ensure that plugins are executed at the specified interval.
poller_schedule:
checkcpu: 10
Agent version
The Agent’s version is stored in the version file, which is located in the Agent’s var
directory.
You can read the version number directly from the file, or you can retrieve it remotely by sending an empty check_nrpe
command to the Agent. The version number follows its own release cycle and has the format <major>.<minor>.<build>
.